This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-jenkins-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 13:39:22 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 5327e80a5dbb8dd91d2b6274d98a055df3c420b2 * md5sum 46930c4cc4af47c75c185500851ce5f3 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRre37AAoJEIXCXpWhbrlNGKUH/jCtMsCL+VIs5erPWJ4pdI3X JxjY5EepfT5lBeixA6zNyEGenoMgiMStTM0+w98iMHBZFWT9wde4Nj9Uu837ZZvp jNS7yo+SbAGAoYJM1DIeULvhMcA4q16gk7KJ8CqBcpn1RKeEi2E64rj+si5qoSre zxq/0cyYZ4g6IFshIBiuNlK5h725F53tERomUG6FT1neS8wgE57uptQAq/x8tN04 W30EvVSbsw+osCEY3H+dewdgFgnLPn8fmJDBeuWUEqvYPZYB/RRs2DLRr5YnP3FP IMqh0Im0aaklUWrSfkAwKjaRosCfo9Z8t/aBKKYtYyjSmE2OzysU2H7axvLWSio= =x0bG -----END PGP SIGNATURE-----